It's the same as putting any other public information in public key certificate. You can put first and last name, email address and even photo of another person.

In general: unless we have other trusted person to verify that public key belongs to certain person, we can not ensure key owner identity before we have some transactions signed with this key.

And we should not only trust person that has verified public key certificate, we should also know and trust the procedure this person used to verify public key certificate. And this is very important if there is a dispute, say about a signed contract.

This was the flaw in pgp's web of trust: verification procedures were not known.

Best regards,
Viktor Ageyev
CEO, Cryptonomica.net


On 14/07/2021 15:45, Стефан Васильев via Gnupg-users wrote:
if a person, within the EU, would put his COVID vaccination certificate QR-Code
in his pub-key as photo-ID I would say that than another GnuPG user, within
the EU, or maybe later in the U.S. and elsewhere too, would have the assurance, without that the public key is otherwise signed, that this pub key belongs to that
person.

On GitHub is a decoder available, which allows users to verify the digital signature
of such COVID certs, with trustlists from EU member states.

https://github.com/stapelberg/coronaqr

Regards
Stefan

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Reply via email to